package com.yky.filter.admin;

import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.yky.utils.JsonUtil;

/**
 * 
 * @author vimesly
 * 
 */
public class SessionInterceptor extends AbstractInterceptor{

	private static final long serialVersionUID = 1L;
	
//	protected String tmp = "drop |and |exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare |or |alert|script|&|function|location";
	protected String tmp = "drop |exec |insert |select |delete |update |count |chr |master |truncate |char |declare |or |alert|script|&|function|location";
	
	@SuppressWarnings("rawtypes")
	public String intercept(ActionInvocation invocation) throws Exception {
		
		HttpServletRequest myrequest = ServletActionContext.getRequest();
		HttpServletResponse myresponse = ServletActionContext.getResponse();		
		Enumeration enu = myrequest.getParameterNames();
		String RequestURL=myrequest.getRequestURL().toString();
		
//		System.out.println("....struts2..RequestURL:"+RequestURL);
//		System.out.println("....struts2..referer:"+myrequest.getHeader("referer"));
		
		if(RequestURL.indexOf("login!exitSystem.action")==-1){
			if(null==myrequest.getHeader("referer")){
				PrintWriter out = myresponse.getWriter();
				out.print("<script>window.parent.location.href='"
						+ myrequest.getContextPath()
						+ "/index.jsp';</script>");
				return null;
			}
		}
		
		try{
			 String sql = "";
	        //对所有参数进行循环
	        while (enu.hasMoreElements()) {
	            //得到参数名
	            String name = (String) enu.nextElement();
	            //得到这个参数的所有值
	            String[] value = myrequest.getParameterValues(name);
	            for (int i = 0; i < value.length; i++) {
	                sql = sql + value[i];
	            }
	        }
	        
	        try {
	        	sql = URLDecoder.decode(sql,"utf-8");
			} catch (UnsupportedEncodingException e) {
				System.out.println("拦截解码异常!");
			}
	        sql=sql.toLowerCase();
	       
			String inj_stra[] =this.tmp.split("\\|");
			for (int i=0 ; i < inj_stra.length ; i++ )
			{
				
				
//				if (sql.indexOf(inj_stra[i])>-1)
//				{
////					System.out.println("---"+sql);
//					String ajaxSubmit = myrequest.getHeader("X-Requested-With");
//					if (ajaxSubmit != null	&& ajaxSubmit.equals("XMLHttpRequest")) { // 判断ajax提交
////						System.out.println("提示：strut2 拦截器  可能有sql注入攻击,已成功拦截！");
//						myresponse.setContentType("application/json");
//						myresponse.setCharacterEncoding("UTF-8");
//						myresponse.setHeader("Cache-Control", "no-cache");
//						PrintWriter pw = myresponse.getWriter();
//						pw.print(JsonUtil.formatToJson(new String[]{"errorstatus"}));
//						pw.flush();
//						pw.close();						
////						myresponse.getWriter().print("errorstatus");
//					} else {
//						PrintWriter out = myresponse.getWriter();
//						out.print("<script>window.parent.location.href='"
//								+ myrequest.getContextPath()
//								+ "/index.jsp';</script>");
//					}
//					
//					SimpleDateFormat sdFormat=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
////					System.out.println("[警告]："+sdFormat.format(new Date())
////							+" strut2 拦截器  可能有sql注入攻击或跨站攻击,已成功拦截！");				
//					
//					return null;
//				}
				
				
				
			}
		}
		catch (Exception e){
			e.printStackTrace();
		}		
		return invocation.invoke();		
	}	
}
